PSI EU-US UK Extension Swiss-US Data Privacy Framework Policy
PSI Data Privacy Framework Notice and Policy
This EU-US, UK Extension to the EU-U.S. DPF, and Swiss-US Data Privacy Framework Policy (“DPF Policy”) supplements and is incorporated within PSI’s Privacy Policy or other applicable privacy notice which is generally provided at the time of data collection or as soon as practical thereafter. Any capitalized terms not defined within this DPF Policy shall have the same meaning prescribed to them within PSI’s Privacy Policy. This DPF Policy applies to the transfers of Personal Data from the European Union, the United Kingdom (and Gibraltar), and Switzerland in order to comply with the transfer requirements under data protection laws, including the EU General Data Protection Regulation (“GDPR”).
PSI’s participation in the Framework(s)
PSI Services LLC and its United States subsidiaries and affiliates (“PSI”) complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. PSI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PSI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
PSI has certified that it adheres to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability with respect to all Personal Data received from the EU, UK, or Switzerland in reliance on the DPF. PSI is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“FTC”), which has jurisdiction over PSI’s compliance with this Policy and the DPF.
PSI U.S. entities, including affiliates and subsidiaries adhering to the DPF Principles
- PSI Services LLC
- PSI Solutions LLC
Types of Personal Data collected
PSI processes Personal Data for the purposes described under the “Purposes of Processing” section of our Privacy Policy.
Disclosure of Personal Data
Rights, choices and means to limit disclosure of Personal Data
Complaints, dispute resolution, data subject requests, and limiting the use and disclosure of Personal Data
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, PSI commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact our DPO here.
In compliance with EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, PSI commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (“ICO”), the Gibraltar Regulatory Authority (“GRA”), and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of Personal Data received in reliance EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Data subjects may contact the relevant independent recourse mechanism listed below:
- EU Data Protection Authorities (DPAs)
- Swiss Federal Data Protection and Information Commissioner
- UK Information Commissioner’s Office
The Federal Trade Commission has jurisdiction over PSI’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
If a dispute or complaint cannot be resolved by PSI nor by the EU Data Protection authorities, the Swiss FDPIC, or the UK ICO, a data subject has the right to require that PSI enter into binding arbitration pursuant to the DPF’s Recourse, Enforcement and Liability Principle and Annex I of the DPF.
We will not share, sell or distribute any of the information you provide to us without your consent, except as described in the relevant privacy notice provided at or near the time of collection, or when acting on behalf of our clients, at the direction of our clients (the data controllers) on whose behalf we are processing Personal Data.
Accountability for onward transfer
PSI complies with the DPF Principles for all onward transfers of Personal Data from the EU, UK and Switzerland, including the onward transfer liability provisions. PSI will only transfer Personal Data about E.U., UK and Swiss individuals to third-parties where the third-party (a) has provided satisfactory assurances to PSI that it will protect the information consistently with this DPF Policy; or (b) is located in the E.U. or a country considered “adequate” for privacy by the European Commission or UK ICO, and therefore is required to comply with the E.U. or UK data protection laws or substantially equivalent privacy laws depending upon where the Personal Data originated. Where PSI has knowledge that a third-party to whom it has provided E.U., UK or Swiss Personal Data is processing that information in a manner contrary to this DPF Policy, PSI will take reasonable steps to prevent or stop the processing.